Privacy Policy

1. Introduction

Kynship LLC ("we," "us," or "our") operates Kynship Vault, a secure credential management system that enables users to connect their e-commerce and advertising platform accounts for automated data retrieval and business intelligence. This Privacy Policy describes how we collect, use, and protect your information when you use our service.

By using Kynship Vault, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring the security of your data.

2. Information We Collect

2.1 Information You Provide

• Account Information: Brand name, contact email address
• Authentication Credentials: OAuth tokens, API credentials, and authorization data from connected platforms
• Configuration Data: Platform-specific settings and preferences

2.2 Information We Receive from Third-Party Platforms

When you connect your accounts, we receive data from the following platforms based on the permissions you grant:

2.3 Technical Information

• Log Data: IP addresses, browser information, access times
• Usage Data: How you interact with our service
• API Usage Logs: Records of data access and extraction activities

3. How We Use Your Information

3.1 Primary Purposes

• Credential Management: Securely store and manage your platform credentials
• Data Retrieval: Access your connected platforms to retrieve business data
• Business Intelligence: Process data for forecasting and analysis
• Service Operations: Maintain, improve, and support our service

3.2 Data Processing Activities

• Automated data extraction and synchronization
• Data aggregation and analysis for business insights
• Performance monitoring and optimization
• Security monitoring and fraud prevention

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

• Consent: When you explicitly consent to data processing
• Contract: To provide services you've requested
• Legitimate Interest: To improve our service and prevent fraud
• Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Limited Sharing Scenarios

• Service Providers: Trusted third-party services that help us operate (e.g., cloud hosting)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• With Your Consent: When you explicitly authorize sharing

6. Data Security and Protection Mechanisms

6.1 Encryption and Data Protection

• Encryption in Transit: All data transmission uses TLS 1.3 with minimum 256-bit encryption
• Encryption at Rest: All stored data is encrypted using AES-256 encryption with rotating encryption keys
• Database Security: Database connections use encrypted channels with certificate validation
• API Security: All API communications require HTTPS and use token-based authentication
• Key Management: Encryption keys are managed through secure key management systems with regular rotation

6.2 Sensitive Data Protection

• OAuth Tokens: Access tokens are encrypted and stored separately from business data
• API Credentials: All API credentials use secure storage with environment-based encryption
• Financial Data: Transaction data is tokenized and encrypted with additional security layers
• Customer Information: Personal data is pseudonymized where possible and encrypted with field-level encryption
• Session Security: Session tokens use cryptographically secure random generation and automatic expiration
• Password Protection: We never store platform passwords - all connections use OAuth 2.0 delegation

6.3 Access Controls and Authentication

• Multi-Factor Authentication: Administrative access requires MFA verification
• Role-Based Access: Data access is limited based on job function and least privilege principles
• Access Logging: All data access is logged with user identification and timestamp
• Network Security: Systems are protected by firewalls and network segmentation
• Zero-Trust Architecture: All internal communications require authentication and authorization

6.4 Infrastructure Security

• Secure Hosting: Systems hosted on SOC 2 Type II certified cloud infrastructure
• Regular Updates: Operating systems and software receive security patches within 48 hours of release
• Vulnerability Management: Regular security scanning and penetration testing
• Backup Security: Encrypted backups stored in geographically separate locations
• Disaster Recovery: Tested backup and recovery procedures with RTO/RPO objectives

6.5 Monitoring and Incident Response

• 24/7 Monitoring: Continuous security monitoring with automated threat detection
• Intrusion Detection: Real-time monitoring for unauthorized access attempts
• Security Logs: Comprehensive logging of all security events with retention for audit purposes
• Incident Response: Documented procedures for security incident handling and notification
• Regular Audits: Third-party security assessments and compliance audits
• Employee Training: Regular security awareness training for all personnel

6.6 OAuth Security and API Protection

• OAuth 2.0 Implementation: Industry-standard OAuth 2.0 with PKCE for enhanced security
• Token Management: Secure token storage with automatic refresh and revocation capabilities
• API Rate Limiting: Protection against abuse through rate limiting and throttling
• Scope Minimization: Request only necessary permissions from connected platforms
• Token Expiration: Regular token refresh and automatic expiration of unused tokens

6.7 Data Anonymization and Pseudonymization

• Data Masking: Sensitive data is masked in non-production environments
• Pseudonymization: Personal identifiers replaced with pseudonyms where technically feasible
• Aggregation: Data analysis performed on aggregated datasets when possible
• Data Minimization: Only collect and process data necessary for stated purposes
• Retention Limits: Automatic deletion of data beyond retention requirements

7. Data Retention

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Data may be retained for up to 2 years
• Legal Requirements: Some data may be retained longer as required by law
• Account Deletion: You can request immediate data deletion

8. Your Rights and Choices

8.1 Access and Control

• Access: View your personal data and processing activities
• Correction: Update or correct your information
• Deletion: Request deletion of your data
• Portability: Export your data in a portable format
• Restriction: Limit processing of your data

8.2 Platform Connections

• Disconnect: Remove platform connections at any time
• Revoke Access: Revoke OAuth permissions through platform settings
• Data Cleanup: Request removal of platform-specific data

9. Platform-Specific Compliance

9.1 Google API Services

Our use of Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• We only request necessary permissions for our stated functionality
• Data is used solely for providing and improving our service
• We do not transfer data to others unless legally required
• Human access to data is limited and monitored

9.2 Shopify Requirements

We comply with Shopify's Partner Program requirements and data protection standards.

9.3 Meta/Facebook Platform

Our service complies with Facebook's Platform Policy and Business Tools Terms.

9.4 Amazon Developer Services

We adhere to Amazon's Selling Partner API Agreement and data usage policies.

9.5 TikTok for Business

Our service complies with TikTok's Developer Terms of Service and data policies.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Other lawful transfer mechanisms

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising privacy rights

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending email notifications for material changes

14. Contact Information

15. Compliance Certifications

We maintain compliance with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• SOC 2 Type II security standards
• Platform-specific data policies and requirements

16. Terms of Service

16.1 Acceptance of Terms

By accessing or using Kynship Vault ("Service"), you agree to be bound by these Terms of Service and our Privacy Policy. If you do not agree to these terms, you may not use our Service.

16.2 Service Description

Kynship Vault is a secure credential management system that enables users to connect their e-commerce and advertising platform accounts for automated data retrieval and business intelligence purposes.

16.3 User Accounts and Responsibilities

• Account Security: You are responsible for maintaining the confidentiality of your account credentials
• Accurate Information: You agree to provide accurate, current, and complete information
• Authorized Use: You may only connect accounts and platforms you own or have authorization to access
• Compliance: You agree to comply with all applicable laws and platform terms of service
• Prohibited Activities: You may not use the Service for illegal activities, data scraping beyond authorized use, or circumventing platform restrictions

16.4 Platform Integrations

• Third-Party Terms: Your use of connected platforms (Shopify, Google, Meta, Amazon, TikTok) remains subject to their respective terms of service
• API Compliance: We comply with all platform API terms and usage policies
• Data Access: We only access data within the scope of permissions you explicitly grant
• Platform Changes: Platform API changes may affect service functionality; we will make reasonable efforts to maintain compatibility

16.5 Service Availability and Support

• Uptime: We strive for 99.9% service availability but cannot guarantee uninterrupted access
• Maintenance: Scheduled maintenance will be announced in advance when possible
• Support: Technical support is provided via email during business hours
• Updates: We may update or modify the Service to improve functionality and security

16.6 Data Usage and Ownership

• Your Data: You retain ownership of all data you provide or we retrieve on your behalf
• Service Data: We may use aggregated, anonymized data to improve our Service
• Data Portability: You can export your data at any time
• Data Deletion: You can request deletion of your data, subject to legal retention requirements

16.7 Intellectual Property

• Our IP: Kynship Vault software, trademarks, and proprietary technology remain our intellectual property
• User Content: You retain rights to your content and data
• License: You grant us a limited license to process your data as necessary to provide the Service
• Feedback: Any feedback you provide about our Service may be used by us without restriction

16.8 Limitation of Liability

• Service Limitations: The Service is provided "as is" without warranties of any kind
• Indirect Damages: We are not liable for indirect, incidental, or consequential damages
• Maximum Liability: Our total liability is limited to the amount paid by you in the 12 months preceding the claim
• Data Loss: While we implement robust backup systems, you should maintain your own data backups
• Third-Party Actions: We are not responsible for actions or policies of connected platforms

16.9 Indemnification

You agree to indemnify and hold harmless Kynship LLC from any claims, damages, or expenses arising from your use of the Service, violation of these terms, or infringement of third-party rights.

16.10 Termination

• By You: You may terminate your account at any time
• By Us: We may suspend or terminate accounts for violations of these terms
• Effect of Termination: Upon termination, your access will cease and data may be deleted according to our retention policy
• Survival: Provisions regarding liability, indemnification, and intellectual property survive termination

16.11 Dispute Resolution

• Governing Law: These terms are governed by the laws of California, United States
• Jurisdiction: Disputes will be resolved in the courts of Orange County, California
• Mediation: We encourage mediation before pursuing legal action
• Class Action Waiver: You agree to resolve disputes individually, not as part of a class action

16.12 Changes to Terms

We may update these Terms of Service from time to time. Continued use of the Service after changes constitutes acceptance of the new terms. Material changes will be communicated via email or service notifications.

16.13 Contact for Terms-Related Questions

For questions about these Terms of Service, please contact us at info@kynship.co or at the address provided in our Privacy Policy.